/**
 * =================================================================
 * 版权所有 2011-2013 深圳市泰海网络科技服务有限公司，并保留所有权利
 * -----------------------------------------------------------------
 * 这不是一个自由软件！您不能在任何未经允许的前提下对程序代码进行修改和使用；
 * 不允许对程序代码以任何形式任何目的的再发布
 * =================================================================
 */
package com.imoney.payment.web.interceptor;

import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.stereotype.Repository;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import com.imoney.framework.base.exception.ServiceException;
import com.imoney.payment.web.common.domain.User;
import com.imoney.payment.web.exception.SessionTimeOutException;
import com.imoney.payment.web.utils.WebUtil;

/**
 * 类说明：<br>
 * 
 * <p>
 * 详细描述：<br>
 * 
 * </p>
 * 
 * <pre>
 * ——————————————————————————————————————————————————————————————————
 * |		修改人		|		修改时间			|		修改原因
 * ——————————————————————————————————————————————————————————————————
 * |	zengxx 曾宪新	|		2013-6-3		|	
 * ——————————————————————————————————————————————————————————————————
 * </pre>
 * 
 * @author zengxx 曾宪新(Xavier.zeng)
 * 
 *         CreateDate: 2013-6-3
 */
@Repository
public class SessionTimeoutInterceptor extends HandlerInterceptorAdapter {

	private List<String> allowUrls;

	@Override
	public boolean preHandle(HttpServletRequest request,
			HttpServletResponse response, Object handler) throws Exception {
		request.setCharacterEncoding("UTF-8");
		response.setCharacterEncoding("UTF-8");
		response.setContentType("text/html;charset=UTF-8");

		/**
		 * 直接访问的连接
		 */
		String requestUrl = request.getRequestURI();
		for (String url : allowUrls) {
			if (requestUrl.endsWith(url)) {
				return true;
			}
		}

		/**
		 * 判断是否登录
		 */
		User user = (User) WebUtil.getSession(request, "USER");
		if (null == user) {
			throw new SessionTimeOutException();
		}

		/**
		 * 判断非法字符
		 */
		Map<String, String[]> params = request.getParameterMap();
		for (Iterator<Entry<String, String[]>> it = params.entrySet()
				.iterator(); it.hasNext();) {
			Entry<String, String[]> entry = it.next();
			String[] values = entry.getValue();
			for (String str : values) {
				if (!WebUtil.isInvalidChar(str)) {
					throw new ServiceException(0, "有非法字符：" + str);
				}
			}
		}

		return super.preHandle(request, response, handler);
	}

	@Override
	public void postHandle(HttpServletRequest request,
			HttpServletResponse response, Object handler,
			ModelAndView modelAndView) throws Exception {
		System.out.println("Post-handle");
	}

	@Override
	public void afterCompletion(HttpServletRequest request,
			HttpServletResponse response, Object handler, Exception ex)
			throws Exception {
		System.out.println("After completion handle");
	}

	public void setAllowUrls(List<String> allowUrls) {
		this.allowUrls = allowUrls;
	}

}
